Inferential SQL injection, unlike in-band SQLi, may take longer for an attacker to exploit; however, it is just as dangerous as any other form of SQL injection. In an inferential SQLi attack, no data is actually transferred via the web application and the attacker would…
Author Archives: Ian Muscat
New vBulletin pre-authentication RCE 0-day discovered, being used in the wild
A high-severity Remote Code Execution (RCE) vulnerability has been identified in the latest version of vBulletin. The 0-day vulnerability in the popular forum software came to light when vBulletin’s developers released a security update for versions 5.1.4 through 5.1.9 of the software on Monday…
SQLi part 4: In-band SQLi (Classic SQLi)
SQL injection can be classified into three major categories – In-band SQLi, Inferential SQLi and Out-of-band SQLi. In this article we shall be exploring In-band SQL Injection. In-band SQLi (Classic SQLi): In-band SQL injection is the most common and easiest to exploit of SQL injection attacks. In-band…
000webhost Breach Exposes 13 Million Passwords
000webhost is one of the most popular free hosting providers out on the Internet. Unfortunately for them and their users, all their 13 million user accounts have had their usernames and passwords leaked through what was eventually revealed to be a database breach via an…
SQLi part 3: The anatomy of an SQL Injection attack
An SQL injection needs just two conditions to exist – a relational database that uses SQL, and a user-controllable input which is directly used in an SQL query. In the example below, it shall be assumed that the attacker’s goal is to exfiltrate data from…
Get tested during Cyber Security Awareness Month
It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture – because October is National Cyber Security Awareness Month! Since its…
SQLi part 2: What’s the worst an attacker can do with SQL?
SQL is a programming language designed for managing data stored in an RDBMS; therefore, SQL can be used to access, modify and delete data. Furthermore, in specific cases, an RDBMS could also run commands on the operating system from an SQL statement. Keeping the above…
SQLi – How it works (Part 1)
In this 6-part series on SQLi (SQL Injection) we shall be describing the vulnerability and its variants, showing how it works and what an attacker can do with it. SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL…
Cross-site Scripting and its variants explained
Cross-site Scripting (XSS) has been making the Top 5 list of exploitable vulnerabilities since it was first discovered way back in the 1990s. The term XSS refers to a client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or…